Binary Hack Research & Development
Quick Research & Development Thread Page 24
Started by Spherical Ice January 9th, 2010 2:23 AM- 793742 views
- 1209 replies
Rough Skin in Gen 3 makes the attacker lose 1/16 of its maximum hp, while gen 4 and beyond makes the attacker lose 1/8. To fix this in Emerald, go to 0x433CE and change 00 09 to C0 08.
EDIT: To do this for Firered, do the same thing at 0x1AADA
EDIT: To do this for Firered, do the same thing at 0x1AADA
Does anyone here know anything about Dynamic Pokemon Levels (where the levels of trainers and/or wild pokemon change depending only our own Pokemon levels)?
I've seen a few older hacks that have used it, but so far I can't find anything documenting how they implemented it.
I've seen a few older hacks that have used it, but so far I can't find anything documenting how they implemented it.
"The human sacrificed himself, to save the Pokemon. I pitted them against each other, but not until they set aside their differences did I see the true power they all share deep inside. I see now that the circumstances of one's birth are irrelevant; it is what you do with the gift of life that determines who you are." -Mewtwo
(for Emerald) These offsets determine how many Pokémon show up in the Hoenn dex:
xBC8FE - amount you want
xBC926 - amount you want
xC0890 - amount you want minus one
You can only have up to 255 in the regional dex.
I'm sure there's some limiters related to the Summary screen and the Save screen that I've possibly missed but I can't confirm it right now.
xBC8FE - amount you want
xBC926 - amount you want
xC0890 - amount you want minus one
You can only have up to 255 in the regional dex.
I'm sure there's some limiters related to the Summary screen and the Save screen that I've possibly missed but I can't confirm it right now.
Twitter: https://twitter.com/jmatz1995
I'm not completely sure if this is known already,I haven't seen it, only for FireRed, But I think I found the table for Emerald which points to the ASM for the script commands. I'm not completely certain, but I think it is this: 081DB67C
Could you guys, who are better at hacking Emerald verify this?
Or tell me that it has already been found so that I can delete this post.
Could you guys, who are better at hacking Emerald verify this?
Or tell me that it has already been found so that I can delete this post.
I'm no longer active here, I check back every now and then to see what happens, but that's it. I no longer hack either.
trainerbattle 0x2 is not the same as trainerbattle 0x1, unlike what I've seen posted in some places. 0x2 will continue the script after the battle but also with encounter music, whereas 0x1 does not play any encounter music.
I'm not completely sure if this is known already,I haven't seen it, only for FireRed, But I think I found the table for Emerald which points to the ASM for the specials. I'm not completely certain, but I think it is this: 081DB67C
Could you guys, who are better at hacking Emerald verify this?
Or tell me that it has already been found so that I can delete this post.
Edit: Yeah This might already be known, please someone tell me.
The script command table is at 081DB67C, not the specials. The special table is actually located at 081DBA64.
Could you guys, who are better at hacking Emerald verify this?
Or tell me that it has already been found so that I can delete this post.
Edit: Yeah This might already be known, please someone tell me.
The script command table is at 081DB67C, not the specials. The special table is actually located at 081DBA64.
I knew something was strange with my post, I was wondering why. *facepalm*
I'm no longer active here, I check back every now and then to see what happens, but that's it. I no longer hack either.
I was messing around trying to find behavior byte scripts, and found this. Anyone know where it's used?
'---------------
#org 0x271CB7
lockall
checksound
additem 0x8005 0x1
copyvar 0x8007 LASTRESULT
bufferitems2 0x1 0x8005 0x1
checkitemtype 0x8005
call 0x8271B08
compare 0x8007 0x1
if 0x1 goto 0x8271CE8
compare 0x8007 0x0
if 0x1 goto 0x8271D47
end
'---------------
#org 0x271B08
copyvar 0x8000 LASTRESULT
compare 0x8000 0x1
if 0x1 goto 0x8271B45
compare 0x8000 0x5
if 0x1 goto 0x8271B55
compare 0x8000 0x2
if 0x1 goto 0x8271B65
compare 0x8000 0x3
if 0x1 goto 0x8271B75
compare 0x8000 0x4
if 0x1 goto 0x8271B85
end
'---------------
#org 0x271CE8
copyvar 0x8008 0x8004
copyvar 0x8004 0x8005
special2 LASTRESULT 0x19E
compare LASTRESULT 0x1
if 0x1 goto 0x8271D0E
compare LASTRESULT 0x0
if 0x1 goto 0x8271D1F
end
'---------------
#org 0x271D47
msgbox 0x8272ABF MSG_KEEPOPEN '"[player] found one [buffer2]!"
msgbox 0x8272AD0 MSG_KEEPOPEN '"Too bad!\nThe bag is full[.]"
setvar LASTRESULT 0x0
releaseall
end
'---------------
#org 0x271B45
bufferstd 0x2 0xE
compare 0x8007 0x1
if 0x1 call 0x8271BAF
return
'---------------
#org 0x271B55
bufferstd 0x2 0xF
compare 0x8007 0x1
if 0x1 call 0x8271BAF
return
'---------------
#org 0x271B65
bufferstd 0x2 0x10
compare 0x8007 0x1
if 0x1 call 0x8271BAF
return
'---------------
#org 0x271B75
bufferstd 0x2 0x11
compare 0x8007 0x1
if 0x1 call 0x8271BB3
return
'---------------
#org 0x271B85
bufferstd 0x2 0x12
compare 0x8007 0x1
if 0x1 call 0x8271BAF
return
'---------------
#org 0x271D0E
bufferitems2 0x0 0x8004 0x1
preparemsg 0x82731A9 '"[player] found one [buffer1]\n[buf..."
goto 0x8271D2A
'---------------
#org 0x271D1F
preparemsg 0x8272ABF '"[player] found one [buffer2]!"
goto 0x8271D2A
'---------------
#org 0x271BAF
fanfare 0x172
return
'---------------
#org 0x271BB3
fanfare 0x174
return
'---------------
#org 0x271D2A
waitmsg
waitfanfare
bufferitems2 0x1 0x8004 0x1
copyvar 0x8004 0x8008
msgbox 0x8272A9A MSG_KEEPOPEN '"[player] put away the [buffer2]\ni..."
special 0x158
special 0x99
releaseall
end
'---------
' Strings
'---------
#org 0x272ABF
= [player] found one [buffer2]!
#org 0x272AD0
= Too bad!\nThe bag is full[.]
#org 0x2731A9
= [player] found one [buffer1]\n[buffer2]!
#org 0x272A9A
= [player] put away the [buffer2]\nin the [buffer3] Pocket.
'---------------
#org 0x271CB7
lockall
checksound
additem 0x8005 0x1
copyvar 0x8007 LASTRESULT
bufferitems2 0x1 0x8005 0x1
checkitemtype 0x8005
call 0x8271B08
compare 0x8007 0x1
if 0x1 goto 0x8271CE8
compare 0x8007 0x0
if 0x1 goto 0x8271D47
end
'---------------
#org 0x271B08
copyvar 0x8000 LASTRESULT
compare 0x8000 0x1
if 0x1 goto 0x8271B45
compare 0x8000 0x5
if 0x1 goto 0x8271B55
compare 0x8000 0x2
if 0x1 goto 0x8271B65
compare 0x8000 0x3
if 0x1 goto 0x8271B75
compare 0x8000 0x4
if 0x1 goto 0x8271B85
end
'---------------
#org 0x271CE8
copyvar 0x8008 0x8004
copyvar 0x8004 0x8005
special2 LASTRESULT 0x19E
compare LASTRESULT 0x1
if 0x1 goto 0x8271D0E
compare LASTRESULT 0x0
if 0x1 goto 0x8271D1F
end
'---------------
#org 0x271D47
msgbox 0x8272ABF MSG_KEEPOPEN '"[player] found one [buffer2]!"
msgbox 0x8272AD0 MSG_KEEPOPEN '"Too bad!\nThe bag is full[.]"
setvar LASTRESULT 0x0
releaseall
end
'---------------
#org 0x271B45
bufferstd 0x2 0xE
compare 0x8007 0x1
if 0x1 call 0x8271BAF
return
'---------------
#org 0x271B55
bufferstd 0x2 0xF
compare 0x8007 0x1
if 0x1 call 0x8271BAF
return
'---------------
#org 0x271B65
bufferstd 0x2 0x10
compare 0x8007 0x1
if 0x1 call 0x8271BAF
return
'---------------
#org 0x271B75
bufferstd 0x2 0x11
compare 0x8007 0x1
if 0x1 call 0x8271BB3
return
'---------------
#org 0x271B85
bufferstd 0x2 0x12
compare 0x8007 0x1
if 0x1 call 0x8271BAF
return
'---------------
#org 0x271D0E
bufferitems2 0x0 0x8004 0x1
preparemsg 0x82731A9 '"[player] found one [buffer1]\n[buf..."
goto 0x8271D2A
'---------------
#org 0x271D1F
preparemsg 0x8272ABF '"[player] found one [buffer2]!"
goto 0x8271D2A
'---------------
#org 0x271BAF
fanfare 0x172
return
'---------------
#org 0x271BB3
fanfare 0x174
return
'---------------
#org 0x271D2A
waitmsg
waitfanfare
bufferitems2 0x1 0x8004 0x1
copyvar 0x8004 0x8008
msgbox 0x8272A9A MSG_KEEPOPEN '"[player] put away the [buffer2]\ni..."
special 0x158
special 0x99
releaseall
end
'---------
' Strings
'---------
#org 0x272ABF
= [player] found one [buffer2]!
#org 0x272AD0
= Too bad!\nThe bag is full[.]
#org 0x2731A9
= [player] found one [buffer1]\n[buffer2]!
#org 0x272A9A
= [player] put away the [buffer2]\nin the [buffer3] Pocket.
So, I was messing around the behavior byte scripts, yet again, and found these things that may be useful.. EM btw
290B0F dive script
290A49 waterfall script
271EA0 surf
23B684 weird behavior byte script
2C8393 timer script?
27381B questionare
272604 useless blueprint
2725F2 useless empty garbage can
2725E9 expensive vase
292DE5 instructions for running shoes
27208F player sees region map
26A22A trick master door
2A4BAC pokeblock feeder
2393F9 "the door is locked"
1E615D oddly, the same thing as ^
271D92 Pokemon center PC
27EE0B player's tv
290B5A dive (while you're under)
2A8337 player hides, and warpholes
252BE8 very complicated script
2736BC player whites out script
291FC0 egg is hatching/ "Huh?"
1DF7BA wally calls you and you register him
21307B roxanne calls you
224175 rival calls you to talk about rayquaza
290B0F dive script
290A49 waterfall script
271EA0 surf
23B684 weird behavior byte script
2C8393 timer script?
27381B questionare
272604 useless blueprint
2725F2 useless empty garbage can
2725E9 expensive vase
292DE5 instructions for running shoes
27208F player sees region map
26A22A trick master door
2A4BAC pokeblock feeder
2393F9 "the door is locked"
1E615D oddly, the same thing as ^
271D92 Pokemon center PC
27EE0B player's tv
290B5A dive (while you're under)
2A8337 player hides, and warpholes
252BE8 very complicated script
2736BC player whites out script
291FC0 egg is hatching/ "Huh?"
1DF7BA wally calls you and you register him
21307B roxanne calls you
224175 rival calls you to talk about rayquaza
So, as I was playing my hack, I saw this, which I had no clue happened.
https://www.youtube.com/watch?v=-anF9453beU&feature=youtu.be&t=42s
I'm going to try to find the script, and when I talked to the Oran berry while transforming, I got this.
Now, I had no idea that happened, but I think it'll be pretty cool to find it.
So, apperantly, that is called from this:
special 0x2C
copyvar 0x8000 0x8004
compare 0x8000 0xFF
if 0x1 goto 0x827434F
and at 0x827434F, there is:
#org 0x27434F
lockall
preparemsg 0x8274744 '"!"
waitmsg
waitkeypress
releaseall
end
https://www.youtube.com/watch?v=-anF9453beU&feature=youtu.be&t=42s
I'm going to try to find the script, and when I talked to the Oran berry while transforming, I got this.
Now, I had no idea that happened, but I think it'll be pretty cool to find it.
So, apperantly, that is called from this:
special 0x2C
copyvar 0x8000 0x8004
compare 0x8000 0xFF
if 0x1 goto 0x827434F
and at 0x827434F, there is:
#org 0x27434F
lockall
preparemsg 0x8274744 '"!"
waitmsg
waitkeypress
releaseall
end
So, as I was playing my hack, I saw this, which I had no clue happened.
https://www.youtube.com/watch?v=-anF9453beU&feature=youtu.be&t=42s
I'm going to try to find the script, and when I talked to the Oran berry while transforming, I got this.
Now, I had no idea that happened, but I think it'll be pretty cool to find it.
I've actually seen this happen before once while I played my actual cartridge. It was pretty cool to see. Interesting to know that particular special, because it might give some insight on berry stuffs for the future or whatever.
https://www.youtube.com/watch?v=-anF9453beU&feature=youtu.be&t=42s
I'm going to try to find the script, and when I talked to the Oran berry while transforming, I got this.
Now, I had no idea that happened, but I think it'll be pretty cool to find it.
The critical hit table is located at x250530 for FireRed and x31c128 for Emerald. Place the bytes 10 00 08 00 02 00 01 00 01 00 at the respective locations to update the table to Generation 6 mechanics.
I also might search the bytes for focus energy and high-critical hit ratio moves too and update this too.
EDIT: I checked the routines in FR,EM and Ruby ROMs. And in all of them, focus energy gives +2 crit level and high crit moves give +1 crit level which is up to gen vi standards. I also tested focus+scope lens combo (always getting crits) and high crit move+scope lens combo (not always giving critical but high chance). So i think no further byte change is required if the two tests pass which it did while i was testing in fire red.
I also might search the bytes for focus energy and high-critical hit ratio moves too and update this too.
EDIT: I checked the routines in FR,EM and Ruby ROMs. And in all of them, focus energy gives +2 crit level and high crit moves give +1 crit level which is up to gen vi standards. I also tested focus+scope lens combo (always getting crits) and high crit move+scope lens combo (not always giving critical but high chance). So i think no further byte change is required if the two tests pass which it did while i was testing in fire red.
^ Adding to KDS's post, the critical hit table for Ruby is located at x1FAB50. ^_^
Though I haven't tested it yet.
Though I haven't tested it yet.
The critical hit table is located at x250530 for FireRed and x31c128 for Emerald. Place the bytes 10 00 08 00 02 00 01 00 01 00 at the respective locations to update the table to Generation 6 mechanics.
I am assuming this changes both the rate of crits AND the damage multiplier? Not just one or the other?
I also might search the bytes for focus energy and high-critical hit ratio moves too and update this too.
Please do!
I am assuming this changes both the rate of crits AND the damage multiplier? Not just one or the other?
This only changes the rate as per the table mentioned in bulbapedia. Not the multiplier to 1.5.
Please do!
See the original post again.
So I'm a little stuck. I've been working to try and get something to pop up on the bottom right menu. Which is this one
Normally the blue text HM move shows up if the Pokemon has learned the move. However, I'm having a hard time checking where it starts to do this. Some offsets which I have discovered:
081245A4 is a function used by the menu to determine what these HM options do. This part is executed once you've selected, say "FLY" for example and press "a" on it.
08122BD4 is where the Pokemon menu seems to be generated. Unfortunately, it's a very complex functions (the whole menu thing is) and from there the subroutines are not easy to figure out.
though I didn't find anything that seems to check Pokemon moves.
08121E5E: The menu seems to be already generated by now. Just assigning options to functions here (I think).
All of a sudden after some generating of Pokemon menu, we have the graphics of the bottom right menu!
08121F00: Bottom right menu generation (graphical?) starts
08121F04-08121F10: Looks like it's generating graphics box styles and sizes
08121F12: Opens a different menu depending on when the menu is opened i.e battle vs outside?? (very maybe)
As you can see I'm pretty torn between what direction I should go. Quite obviously they're going to be drawing the boxes and implementing text speed AFTER the menu options are confirmed so I don't think there's meaning to look past 08121F00. At 08122BD4 I can't seem to find the HM check. I've tried to go further back than 08122BD4 but that seems to be too far back, as there it starts generating pokemon menu :P
Anyone wanna throw me a bone? Oh here are a few things some people may find useful:
0812461C: seems to be where the badge is checked if using HM move from the menu
You want to change to bytes at 08124630's beq to just a b to remove the badge check..alternatively you can change the badge check to your own check by branching somewhere else at 08124626.
Normally the blue text HM move shows up if the Pokemon has learned the move. However, I'm having a hard time checking where it starts to do this. Some offsets which I have discovered:
081245A4 is a function used by the menu to determine what these HM options do. This part is executed once you've selected, say "FLY" for example and press "a" on it.
08122BD4 is where the Pokemon menu seems to be generated. Unfortunately, it's a very complex functions (the whole menu thing is) and from there the subroutines are not easy to figure out.
though I didn't find anything that seems to check Pokemon moves.
08121E5E: The menu seems to be already generated by now. Just assigning options to functions here (I think).
All of a sudden after some generating of Pokemon menu, we have the graphics of the bottom right menu!
08121F00: Bottom right menu generation (graphical?) starts
08121F04-08121F10: Looks like it's generating graphics box styles and sizes
08121F12: Opens a different menu depending on when the menu is opened i.e battle vs outside?? (very maybe)
As you can see I'm pretty torn between what direction I should go. Quite obviously they're going to be drawing the boxes and implementing text speed AFTER the menu options are confirmed so I don't think there's meaning to look past 08121F00. At 08122BD4 I can't seem to find the HM check. I've tried to go further back than 08122BD4 but that seems to be too far back, as there it starts generating pokemon menu :P
Anyone wanna throw me a bone? Oh here are a few things some people may find useful:
0812461C: seems to be where the badge is checked if using HM move from the menu
You want to change to bytes at 08124630's beq to just a b to remove the badge check..alternatively you can change the badge check to your own check by branching somewhere else at 08124626.
...
I found the way to emulate the critical-hit nerf (2x to 1.5x) in Gen III.
This just hijacks the way of manipulating the critical hit damage using the critical hit marker.
UDPATE: CORRECTED(Thanks to Aruaruu for finding the flaw)
For Fire Red:
For Emerald:
This just hijacks the way of manipulating the critical hit damage using the critical hit marker.
UDPATE: CORRECTED(Thanks to Aruaruu for finding the flaw)
For Fire Red:
Spoiler:
For Emerald:
Spoiler:
-snip-
Oh wow. Thanks for this. I will test it out with Emerald some time.Got a question. About the byte changes you posted before.
Lets say I wanted to have the Gen VI Crit chance, but with the Gen 3 Class Stages.
e.g
Spoiler:
Would it be possible to do that by altering those bytes?
Supposedly someone else documented this, but I couldn't find it in the thread index so I'm posting it again.
FR's Vs. Seeker table is at x45318C. Each entry is 16 (0x10) bytes, as follows:
0x0: half-word, denotes the trainer's ID in the first fight with them
0x2: up to five half-words denoting rematch IDs. FFFF is used as filler if more is coming, 0000 to terminate early.
0xC: half-word, seems to always be 3.
0xE: half-word, ranges from x15 to x41. Never seemed to be read in my tests. Appears to scale with trainer's levels in the base game (and by extension position).
The table has xDD entries and no terminator; the (a?) limiter is at x10d09c.
FR's Vs. Seeker table is at x45318C. Each entry is 16 (0x10) bytes, as follows:
0x0: half-word, denotes the trainer's ID in the first fight with them
0x2: up to five half-words denoting rematch IDs. FFFF is used as filler if more is coming, 0000 to terminate early.
0xC: half-word, seems to always be 3.
0xE: half-word, ranges from x15 to x41. Never seemed to be read in my tests. Appears to scale with trainer's levels in the base game (and by extension position).
The table has xDD entries and no terminator; the (a?) limiter is at x10d09c.
Oh wow. Thanks for this. I will test it out with Emerald some time.
Got a question. About the byte changes you posted before.
Lets say I wanted to have the Gen VI Crit chance, but with the Gen 3 Class Stages.
e.g
Would it be possible to do that by altering those bytes?
It is possible. I already found the specific checks for each crit boosting element that you have mentioned except the lansat berry.
Got a question. About the byte changes you posted before.
Lets say I wanted to have the Gen VI Crit chance, but with the Gen 3 Class Stages.
e.g
Spoiler:
Would it be possible to do that by altering those bytes?
It is possible. I already found the specific checks for each crit boosting element that you have mentioned except the lansat berry.
Great! I will play around with it then...and I also tested your Crit damage nerf ASM for Emerald. It appears to lock button input when the Fight/Bag/Pkmn/Run commands come up during a trainer battle. Wild battles don't cause this though. I tried removing the byte changes you posted before and it didn't make any difference.
I still need to try it on a clean rom though.
Clean rom produces same result.
Great! I will play around with it then.
..and I also tested your Crit damage nerf ASM for Emerald. It appears to lock button input when the Fight/Bag/Pkmn/Run commands come up during a trainer battle. Wild battles don't cause this though. I tried removing the byte changes you posted before and it didn't make any difference.
I still need to try it on a clean rom though.
Clean rom produces same result.
..and I also tested your Crit damage nerf ASM for Emerald. It appears to lock button input when the Fight/Bag/Pkmn/Run commands come up during a trainer battle. Wild battles don't cause this though. I tried removing the byte changes you posted before and it didn't make any difference.
I still need to try it on a clean rom though.
Clean rom produces same result.
Well, the problem was in the second routine which was stupidity of erroneous branching in my part, the first one was working properly. Now, it is fixed in the OP :D.
If you are looking to be able to catch other trainer's pokemon (either via cheat code or custom ASM balls), disable the BL at 08040B36 by overwriting it with 00 00 00 00. What this does is it will prevent the caught pokemon's ID from being overwritten with the player's ID, thus making the data section get properly unencrypted and the checksum made valid. And, as a bonus, this has no adverse effect on normally caught wild pokemon, since the wild pokemon are pre-generated with the player's ID and thus don't need the trainer ID set. If you wanted to take this a step further and properly set your ID, you could branch into a custom ASM routine, decrypt the data section, set the ID to your ID, and then re-encrypt it with the new ID properly set. In it's current state however, it will act as if it were a traded Pokemon and might not listen 100% of the time.
Thanks to FIQ for allowing me to figure this out, I've always wondered why this happened. If anyone wants to make a proper cheat code or something you can use these byte modifications:
Thanks to FIQ for allowing me to figure this out, I've always wondered why this happened. If anyone wants to make a proper cheat code or something you can use these byte modifications:
[21:14] < FBI> 0802D496: E0 E0 @disable trainer blocking [21:14] < FBI> 08040B36: 00 00 00 00 00 @disable trainer ID overwrite
Male
Criscanto town-Ginoa Region xD
Seen August 13th, 2017
Posted January 1st, 2017
792
posts
9.1
Years
I've just got some very quick offsets for Pokedex hacking.
I'm not sure whether it's already been posted, I don't think so, as I had to discover these on my own.
I've found 2 limiters for the Kantodex that are quite useful, which when combined with Jambo51's already posted offsets, can allow for the Kantodex to act as a national dex.
Even though Jambo already found the limiter for the Kantodex itself, it would still not display the correct seen/caught numbers as they were still limited to 150 as were the habitats.
By changing the number 96 at the offset: 104BF2
You can extend the limit to the seen/caught text. Eg. changing 96 to FA will allow for a max of 250 seen/caught Pokemon.
By changing the number 97 at the offset: 106828
You can extend the number of Pokemon that will be correctly featured in the habitat pages. Eg. changing 97 to FA will allow for the first 250 Pokemon in your pokedex to be displayed in the habitat pages before receiving the national dex.
This can be helpful as it stops people from having to give the national dex at the start of the game.
I'll just repost Jambo's limiters from his thread here
0x10352C - mov r1, #0x97
0x1035F6 - cmp r0, #0x96
Just change those 2 bytes at that offset to the number of Pokemon you want in.
how about if I want it 300 or 12C in hex...I'm not sure whether it's already been posted, I don't think so, as I had to discover these on my own.
I've found 2 limiters for the Kantodex that are quite useful, which when combined with Jambo51's already posted offsets, can allow for the Kantodex to act as a national dex.
Even though Jambo already found the limiter for the Kantodex itself, it would still not display the correct seen/caught numbers as they were still limited to 150 as were the habitats.
By changing the number 96 at the offset: 104BF2
You can extend the limit to the seen/caught text. Eg. changing 96 to FA will allow for a max of 250 seen/caught Pokemon.
By changing the number 97 at the offset: 106828
You can extend the number of Pokemon that will be correctly featured in the habitat pages. Eg. changing 97 to FA will allow for the first 250 Pokemon in your pokedex to be displayed in the habitat pages before receiving the national dex.
This can be helpful as it stops people from having to give the national dex at the start of the game.
I'll just repost Jambo's limiters from his thread here
0x10352C - mov r1, #0x97
0x1035F6 - cmp r0, #0x96
Just change those 2 bytes at that offset to the number of Pokemon you want in.
What would I change?